Junos OS: Subscribing to telemetry sensors at scale causes all...

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Description

A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service (DoS).

Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting in an FPC crash and restart.
The issue was not seen when YANG packages for the specific sensors were installed.

This issue affects Junos OS:

* all versions before 22.4R3-S7,
* 23.2 version before 23.2R2-S4,
* 23.4 versions before 23.4R2.

Basic Information

ID CVE-2026-21903

Source juniper

Published Jan 15, 2026 at 20:18

Affected Product

Vendor Juniper Networks

Product Junos OS

Affected Versions Juniper Networks Junos OS 0
Juniper Networks Junos OS 23.2
Juniper Networks Junos OS 23.4

CWE Classification

CWE-121

References

{
    "lastseen": "",
    "description": "A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker,\u00a0authenticated\u00a0with low privileges to cause a Denial-of-Service (DoS).\n\n\n\nSubscribing to telemetry sensors at scale causes all FPC connections to drop, resulting in an FPC crash and restart.\nThe issue was not seen when YANG packages for the specific sensors were installed. \n\n\n\nThis issue affects Junos OS:\u00a0\n\n\n\n  *  all versions before 22.4R3-S7,\n  *  23.2 version before 23.2R2-S4,\n  *  23.4 versions before 23.4R2.",
    "published": "2026-01-15T20:18:36.767Z",
    "modified": "2026-01-15T20:18:36.767Z",
    "type": "cve",
    "title": "Junos OS: Subscribing to telemetry sensors at scale causes all FPCs to crash",
    "source": "juniper",
    "references": "https://supportportal.juniper.net/JSA106022\nhttps://kb.juniper.net/JSA106022",
    "id": "CVE-2026-21903",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121"
    ],
    "cvelist": null,
    "sourceData": "Juniper Networks Junos OS 0\nJuniper Networks Junos OS 23.2\nJuniper Networks Junos OS 23.4",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Junos OS",
    "version": "0",
    "vendor": "Juniper Networks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Junos OS: Subscribing to telemetry sensors at scale causes all FPCs to crash_CVE-2026-21903